What Rights Do Individuals Have To Information?

What Rights Do Individuals Have To Information?

Recent research by the Information Commissioner’s Office found that 92% of individuals are concerned that organisations do not keep their details secure. They also discovered 60% of individuals believe that they have lost control of the way their personal information is collected and processed. So what happens if you suddenly have your customers asking about their data if they can see it?

Legal Obligations

There are two pieces of legal legislation, The Freedom of Information Act 2000 and the Data Protection Act 1998 – Principle 6. The Freedom of Information Act (FOIA) 2000 applies only to public sector bodies, the Act exists to promote openness and accountability.

The Data Protection Act (DPA) 1998 applies to all organisations that handle personal data, Principle Six is concerned with ensuring data is processed in line with the data subjects’ rights.

A request for information under the FOIA is simply referred to as a Freedom of Information Act Request. Under Principle Six of the DPA, a request for information is known as a Subject Access Request.

Data Entitlements

The FOIA gives any individual the right to access all information held by public authorities. The DPA enables individuals to access their personal information only.


Under the FOIA, information cannot be supplied if it either fails the public interest test or contains personal information. The ‘Public Interest’ test is used to decide whether the public interest in withholding the information outweighs the public interest in releasing it.

When the information contains personal data, it cannot be supplied, unless it concerns the individual involved, then a Subject Access Request must be used. This does not mean that a Public Body can withhold an entire document, an edited version should be provided.

The Subject Access Request enables an individual to access their information only, they have no right to any 3rd party data. The individual also is only entitled to their data held within a document, not the document itself.


Under a FOIA request, the individual has to give no reason to access information. The nature of the Act is to promote openness, allowing individuals to better understand decisions that are made and the way public money is spent.

With a Subject Access Request, the individual cannot access the information simply because they are interested in the contents, there has to be a justifiable reason.

Be better prepared

It is the responsibility of all organisations to be prepared to handle such requests. All areas of the organisation should understand how to recognise and handle these requests. Ideally your organisation should have systems in place to respond quickly to these requests.

For an organisation that handles personal data, and especially data controllers, it is imperative that they understand the rights of the individuals. It is the Information Commissioner’s Office role to ensure you comply with the Data Protection Act. They promote good information handling, conducting assessments of compliance and report directly to parliament.

Find Out More

Share this post

Join our cloud community

Join our cloud community Sign up for email updates